I am trying to package an Electron app with electron-builder, the most popular library for releasing electron apps. I am on a Mac and I have a Developer Account. When running the build process with the command electron-builder build --mac zip, Electron-builder will automatically search for a developer certificate in my Mac's keychain Access, and apply it to the app. When I build the app for mac it seems to build it fine including signing it. The log in the terminal related to signing is:
signing file=dist/mac/*appname*.app identityName=Developer ID Application: *MyDeveloperName*
(*myDeveloperNumber*) identityHash=*someLongHashString* provisioningProfile=none
But when I try to open the app, it immediately crashes and the error report indicates an invalid signature code:
Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes: 0x0000000000000032, 0x000039e9b3542040
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x2
Yet the Developer account is valid. If I leave it unsigned (setting identity to null) when I build it, it will execute fine.
// package.json
"build": {
"appId": "com.example.appname"
"mac": {
"identity": null
}
}
I get the same error result when I build and try to execute any Electron App including the HelloWorld app on Electron's getting started page so it's universal.
Electron-builder has a boilerplate they recommend that uses Webpacker, which I don't need for my app. If I just download that boilerplate and build an app it does sign it and it does work without the error. So that confirms that it's not an issue with my Developer ID. I'd rather not use their boilerplate because it adds another layer of complexity and I'm not sure how I would make my already-built app integrate with their boilerplate. I just want my app signature to work on a regular app. Am I missing some basic step? What could be causing this issue?
I got this working. I had to enable Apple's Hardened Runtime (https://developer.apple.com/documentation/security/hardened_runtime_entitlements) before signing it. Hardened runtime adds limitations to your app that give users added security against potential exploits like code injection, dynamically linked library (DLL) hijacking, and process memory space tampering.
Essentially follow the steps in this blog that Electron-builder also linked to https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/.
This didn't work for me the first few times I tried it (prior to posting this question) for some reason but it does now. These instructions are for notarizing the app, but if you only want to sign it just follow the first two steps. The takeaway is without adding the hardened runtime, the signing would fail on app launch.
Related
So I recently started setting up app check for my existing Flutter project (for both android and iOS platforms). I've had no problem with android's "Play Integrity", got the necessary debug token, and can successfully send and retrieve data to/from firestore (app check for firestore is currently enforced for my project).
The problem is, I can not get such a debug key for my iOS app. I will list the sources I've used and what I've tried so far.
I have firebase_app_check: ^0.1.1+8 installed via pubspec.yaml
I also added pod 'FirebaseAppCheck' to my Podfile
I have the necessary initialization code in my main.dart: await FirebaseAppCheck.instance.activate(...);
For "DeviceCheck", I am using THE SAME private key that I am using
for "Sign in With Apple" (which I have implemented successfully). I
have also enabled the checkbox for DeviceCheck in the settings of
that private key (in Apple Developer).
For my App ID (Apple Developer > Identifiers > App IDs), I have also
enabled the checkbox for "App Attest".
I have put "-FIRDebugEnabled" as an argument passed on launch in
XCode > Product > Scheme > Edit Scheme.
I always uninstall my app from my iOS simulator (iOS 16.2) or real device (iOS 16.1.2),
before trying again, because I have read across multiple forums that
the debug token only gets printed to the output the first time you
run your app.
I have also added these 4 lines of code in my AppDelegate.swift from here:
#if DEBUG
let providerFactory = AppCheckDebugProviderFactory()
AppCheck.setAppCheckProviderFactory(providerFactory)
#endif
Official firebase docs "iOS+ (App Attest)":
I have NOT copied ANY code from this page of the official docs, as I assume it's for native iOS apps only, and not for flutter, and I don't know where exactly I would have to put that code. I have only added the pod dependency and run pod install.
I don't have a .entitlements file.
So after all those steps, I'm apparently supposed to expect to find a debug token in my run output, as in:
Yet the only relevant output I can find is the following:
Runner[72719:33546579] 10.3.0 - [FirebaseFirestore][I-FST000001] AppCheck failed: 'The operation couldn’t be completed. (com.apple.devicecheck.error error 1.)'
If it matters:
I have NOT YET uploaded my iOS app to apple developer, app store connect or whatever (I'm not yet familiar with the process of publishing to the app store).
Neither have I uploaded my android app to Google Play console or created an app there (for this project).
Don't tell me anything about firestore rules. I already had that set up long ago, and everything worked just fine before I started integrating App Check.
Don't recommend any 3rd party plugins to me, I will only use official ones.
The firebase documentation says:
Tip: Confirm in your Xcode project's build settings that it passes the DEBUG flag to the Swift compiler
Try removing the '#if DEBUG' and '#endif' and run the app.
If it works, it mean you have missed that step
I was not able to find that build setting, so i just removed those lines from the AppDelegate, but i need to keep in mind to remove the other 2 lines while building the release mode
See this answer on the flutterfire Github issues page. Basically, call setAppCheckProviderFactory before GeneratedPluginRegistrant.register(with: self) in the app delegate file. I was investigating the same issue and it fixed it for me (the debug token was instantly printed out in Xcode's debug output). Hope it helps you as well!
I am using Windows VS 2019 paired to my Mac. My Xamarin.iOS app has started crashing with this error in the Xcode device logs: DYLD Library not loaded mapped file has no cdhash, Code has to be at least ad-hoc signed.
Visual Studio reports that the app deployed successfully on the iPhone and it starts to open then crashes. This only happens when deploying the app in debug mode. I can deploy in release mode to my iPhone and app store connect and the app runs fine. But I need to be able to debug.
Also, after the app crashes on the phone Visual Studio is still running in debug. But when I stop it a dialog box error pops up that says "The debugger was unable to terminate one or more processes: Mono: The debugger is still attaching to the process or the process is not currently executing the type of code selected for debugging."
I contacted Apple developer technical support but they say they can't help because I'm using 3rd party tools (Visual Studio). This is all they would tell me, "The immediate cause of this error is very clear: Some part of your program is not signed and thus iOS refuses to load it... Because the third-party tool is creating the project that you’re asking Xcode to sign. Specifically, this message: DYLD Library not loaded mapped file has no cdhash
means that the code simply wasn’t signed. If you were working with a normal Xcode project you’d never get into this situation."
I have uninstalled and reinstalled all of my Apple certificates in Keychain and made sure the trust setting is set to Use System Defaults. I have revoked and removed all my certificates, identities, and profile in Apple Developer and re-created them. sand I have upgraded Xcode to 12.5 and Visual Studio to 16.10.1.
Here is the error from the Xcode device log:
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Description: DYLD, Library not loaded: #rpath/libGT.Partners.Phone_Order_Entry.iOS.exe.dylib | Referenced from: /private/var/containers/Bundle/Application/2F1480CA-1262-4922-B33E-91E0DFC6DFDC/GT.Partners.Phone_Order_Entry.iOS.app/GT.Partners.Phone_Order_Entry.iOS | Reason: no suitable image found. Did find: | /private/var/containers/Bundle/Application/2F1480CA-1262-4922-B33E-91E0DFC6DFDC/GT.Partners.Phone_Order_Entry.iOS.app/libGT.Partners.Phone_Order_Entry.iOS.exe.dylib: code signature in (/private/var/containers/Bundle/Application/2F1480CA-1262-4922-B33E-91E0DFC6DFDC/GT.Partners.Phone_Order_Entry.iOS.app/libGT.Partners.Phone_Order_Entry.iOS.exe.dylib) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed. | /private/var/containers/Bundle/Application/2F1480CA-1262-4922-B33E-91E0DFC6DFDC/GT.Partners.Phone_Order_Entry.iOS.app/libGT.Partners.Phone_Order_Entry.iOS.exe.dylib: stat() failed with errno=1
Has anyone encountered and fixed this? Please help!
In working with Microsoft they found a bug in Visual Studio. They found that the issue is entirely around the incremental build option. This seems to be broken in Visual Studio 2019 on Windows when deploying to a iPhone connected to the Mac. They could reproduce the exact error in a template project just by enabling incremental builds.
Apparently incremental builds work by creating that lib.exe.dylib dynamic library to allow building and loading just the changes so the bug seems to be that the generated incremental library is not being signed correctly.
When I disable incremental builds I am able to deploy my app to the iPhone and debug it.
Uncheck "Enable Incremental builds" in iOS Build settings.
Thanks to #jwrule.
I have been trying to submit a Swift 3 app to Apple from Xcode 8.2 , App passes through all phases but gets stuck at authentication forever and then ends with an error. But then I export app for Appstore submission and then upload the same using Application Loader, tried with two different accounts but no avail. Have referred to this thread as well This action could not be completed. Try Again (-22421)
Most upvoted answer says apple servers may be misbehaving but I wonder how many days ? Is this something specific to Swift app ? I havent tried submitting any ObjC app recently so not sure, can anyone provide a solution ?
I stopped using Xcode uploader after 2 hours of failed uploading attempts. Then I took Application Loader instead and it told me the exact reason of fails. In my case it was too fat watch extension.
Hope this will help.
It's ongoing issue with Apple App uploader server, since couple of days, so you don't have a way, rather than waiting.
You can try following solutions:
Use Application Loader to upload your app, as Xcode organizer can't upload file (rejects IPA) sometimes, without genuine reason and it's frequently occurring issue, with Xcode Organizer, that apple could not resolve permanently.
Solution for error code: 22421
Apple app upload server is not working properly (not in
connection or lost connection during file upload). Just wait and try
again later (may be after a day).
Fluctuation in your network
connection, during file upload.
You may not have added privacy
statements in your info.plist file.
Cocoa Keys: Here, is list of keys that you should consider to add in your info.plist file, if you have used that service in your application.
Nowadays, you may also face, this error code: 90186 (with app loader)
Outdated application loader can be reason of this error. Use latest Xcode tool and use application loader from Xcode Tool.
Incorrect/invalid provisioning profile, associated with your build. Ensure, your have used correct provisioning profile (A provisioning
profile with Distribution/Production mode is require. A Development mode provisioning profile won't allow your to upload app on store.)
You can find latest Application Loader Tool from latest Xcode Tool: Xcode ▶ Open Developer Tool ▶ Application Loader
We are currently trying to deploy a new version of an iOS Enterprise App via Mobile Device Management after some changes in architecture.
The same app has succesfully been deployed a couple of times in the past, but we recently added a library to the app (in order to reuse some of our code in different places).
The app runs fine when started from Debugger, but crashes immediatly after start when signed and deployed via Mobile Device Management. iOS Crashlog reveals that the library we added does exist but is not loaded.
The error message reads:
Dyld Error Message:
Library not loaded: #rpath/MYAPPLib.framework/MYAPPLib
Referenced from: /private/var/mobile/Containers/Bundle/Application/XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/MYAPP_iOS.app/MYAPP_iOS
Reason: no suitable image found. Did find:
/private/var/mobile/Containers/Bundle/Application/XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/MYAPP_iOS.app/Frameworks/MYAPPLib.framework/MYAPPLib: mmap() error 1 at address=0xXXXXXXXX, size=0xXXXXXXXX segment=__TEXT in Segment::map() mapping /private/var/mobile/Containers/Bundle/Application/XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/MYAPP_iOS.app/Frameworks/MYAPPLib.framework/MYAPPLib
(The bundle identifier and application name have been changed)
We suspect that this might be a signing issue. After archiving the product and exporting ("Save for Enterprise Deployment"), we noticed that no Provisioning Profile is selected for said library (see screenshot below)
Long story short, the question is:
Is it necessary for a library in an iOS App to have a Provisioning Profile? If so, how can I assign one?
All right, so we are still not sure what exactly the problem was. But we can say that the error was resolved by issuing a new developer certificate. So if you are facing the same problem, maybe you want to try this as well.
From the console seems that the app does not find the framework file.
Make sure in your Build Settings you set the Runpath Search Paths to #executable_path/Frameworks
Make sure in Build Phases to have your Framework under Embed Frameworks.
Add your framework under Link Binary With Libraries.
If your framework is developed under same project make sure you make sure you have it under Copy File under Build Phases.
I have a problem.
I developed an application iOS with MonoTouch, Fantastic!!!
But now my customer asks me that wants to sign him the app, with his certificate.
Is there a solution?
It’s possible create a xcode source from monotouch???
I have read a –xcode command but I found little doc
The --xcode option is deprecated. Once upon a time it was useful to debug some issues but better options exists today.
As for signing you can use the codesign command-line tool to (re)sign the application.
For an example just look at your build output (from MonoDevelop's Error List pad) to see the exact command line that MonoDevelop use to sign your application. Your client will opnly need minor adjustment (to the options) to re-sign it.